Merge pull request #11 from github/oss

Updates before opensourcing

Author: mastahyeti

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [email protected]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

CONTRIBUTING.md

@@ -33,3 +33,14 @@ Here are a few things you can do that will increase the likelihood of your pull
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
 - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
 - [GitHub Help](https://help.github.com)
+
+## Releasing
+
+If you are the current maintainer of this gem:
+
+- Merge whatever PRs are to be included in your new version into the `master` branch.
+- Increment the version in [`lib/ssh_data/version.rb`](lib/ssh_data/version.rb), following [SemVer](https://semver.org/).
+- Run `bundle install` to update the version in `Gemfile.lock`.
+- Make a commit with a message lik `bump version to 0.0.1` and push this to `master`.
+- Run `gem build ssh_data.gemspec` to build a new `ssh_data-<VERSION>.gem`.
+- Run `gem push ssh_data-<VERSION>.gem` to publish the new version to rubygems.org.

README.md

@@ -1,6 +1,10 @@
 # ssh_data
 
-This is a Ruby library for parsing SSH public keys and certificates.
+This is a Ruby library for processing SSH keys and certificates.
+
+The scope of this project is limited to processing and directly using keys and certificates. It can be used to generate SSH private keys, verify signatures using public keys, sign data using private keys, issue certificates using private keys, and parse certificates and public and private keys. This library supports RSA, DSA, ECDSA, and ED25519<sup>[*](#ed25519-support)</sup> keys. This library does not offer or intend to offer functionality for SSH connectivity, processing of SSH wire protocol data, or processing of other key formats or types.
+
+**Project Status:** Used by @github in production
 
 ## Installation
 
@@ -27,3 +31,31 @@ cert.key_id
 cert.public_key
 #=> <SSHData::PublicKey::RSA>
 ```
+
+## ED25519 support
+
+Ruby's standard library does not include support for ED25519, though the algorithm is implemented by the [`ed25519` Gem](https://rubygems.org/gems/ed25519). This library can parse ED25519 public and private keys itself, but in order to generate keys or sign or verify messages, the calling application must load the `ed25519` Gem itself. This avoids the necessity of installing or loading this third party dependency when the calling application is only interested in parsing keys.
+
+```ruby
+require "ssh_data"
+
+key_data = File.read("~/.ssh/id_ed25519")
+key = SSHData::PrivateKey.parse_openssh(key_data)
+#=> <SSHData::PrivateKey::ED25519>
+
+SSHData::PrivateKey::ED25519.generate
+#=> raises SSHData::AlgorithmError
+
+require "ed25519"
+
+SSHData::PrivateKey::ED25519.generate
+#=> <SSHData::PrivateKey::ED25519>
+```
+
+## Contributions
+
+This project is not currently seeking contributions for new features or functionality, though bug fixes are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.
+
+## License
+
+This project is published under the MIT license. See [LICENSE.md](LICENSE.md) for mor information.

lib/ssh_data/private_key/ed25519.rb

@@ -7,6 +7,7 @@ class ED25519 < Base
       #
       # Returns a PublicKey::Base subclass instance.
       def self.generate
+        PublicKey::ED25519.ed25519_gem_required!
         from_ed25519(Ed25519::SigningKey.generate)
       end
 
@@ -56,6 +57,7 @@ def initialize(algo:, pk:, sk:, comment:)
       #
       # Returns a binary String signature.
       def sign(signed_data, algo: nil)
+        PublicKey::ED25519.ed25519_gem_required!
         algo ||= self.algo
         raise AlgorithmError unless algo == self.algo
         raw_sig = ed25519_key.sign(signed_data)

lib/ssh_data/public_key/ed25519.rb

@@ -9,6 +9,13 @@ def self.enabled?
         Object.const_defined?(:Ed25519)
       end
 
+      # Assert that the ed25519 gem has been loaded.
+      #
+      # Returns nothing, raises AlgorithmError.
+      def self.ed25519_gem_required!
+        raise AlgorithmError, "the ed25519 gem is not loaded" unless enabled?
+      end
+
       def initialize(algo:, pk:)
         unless algo == ALGO_ED25519
           raise DecodeError, "bad algorithm: #{algo.inspect}"
@@ -30,9 +37,7 @@ def initialize(algo:, pk:)
       #
       # Returns boolean.
       def verify(signed_data, signature)
-        unless self.class.enabled?
-          raise VerifyError, "the ed25519 gem isn't loadedd"
-        end
+        self.class.ed25519_gem_required!
 
         sig_algo, raw_sig, _ = Encoding.decode_signature(signature)
         if sig_algo != ALGO_ED25519

spec/private_key/ed25519_spec.rb

@@ -78,4 +78,27 @@
     expect(keys.size).to eq(1)
     expect(keys.first).to be_an(SSHData::PrivateKey::ED25519)
   end
+
+  it "fails cleanly if the ed25519 gem hasn't been loaded" do
+    backup = Object.send(:remove_const, :Ed25519)
+    key = openssh_key.first
+
+    begin
+      expect {
+        expect(key.sk).not_to be_nil
+        expect(key.pk).not_to be_nil
+        expect(key.public_key).not_to be_nil
+      }.not_to raise_error
+
+      expect {
+        described_class.generate
+      }.to raise_error(SSHData::AlgorithmError)
+
+      expect {
+        key.sign(message)
+      }.to raise_error(SSHData::AlgorithmError)
+    ensure
+      Object.const_set(:Ed25519, backup)
+    end
+  end
 end

spec/public_key/ed25519_spec.rb

@@ -67,15 +67,15 @@
 
   it "fails cleanly if the ed25519 gem hasn't been loaded" do
     expect(described_class.enabled?).to be(true)
-     backup = Object.send(:remove_const, :Ed25519)
-     expect(described_class.enabled?).to be(false)
+    backup = Object.send(:remove_const, :Ed25519)
+    expect(described_class.enabled?).to be(false)
 
     begin
       expect {
         SSHData::Certificate.parse_openssh(fixture("rsa_leaf_for_ed25519_ca-cert.pub"),
           unsafe_no_verify: false
         )
-      }.to raise_error(SSHData::VerifyError)
+      }.to raise_error(SSHData::AlgorithmError)
     ensure
       Object.const_set(:Ed25519, backup)
     end

ssh_data.gemspec

@@ -8,6 +8,7 @@ Gem::Specification.new do |s|
   s.license = "MIT"
   s.homepage = "https://github.com/github/ssh_data"
   s.authors = ["mastahyeti"]
+  s.email = "[email protected]"
   s.required_ruby_version = "~> 2.3"
   s.files = Dir["./lib/**/*.rb"] + ["./LICENSE.md"]